TrueCrypt to be renamed FakeCrypt

[deadrats]

j/k, but there is something going on as the official page is saying that it's not secure and that it should not be used by anyone:

http://arstechnica.com/security/2014/05/truecrypt-is-not-secure-official-sourceforge-p...bruptly-warns/

http://truecrypt.sourceforge.net/

it's interesting that the page tells users to migrate to bit locker, makes one wonder what is going on.

[drjtech]

I figured this was just a site hack until I read the linked arstechnica article.

Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access.

[jman98]

Nobody currently knows what the heck is going on with TrueCrypt right now. The people who run the project are not responding to attempts to contact them.

The Registry in the UK insists that the website was hacked and the private key was updated just before the hack, so the 7.2 "certification" was with a bogus key. I would not recommend that anybody download the 7.2 version at present.

I checked Slashdot as sometimes they have people there who have insider information and post and nobody there knows what is going on either. Speculation runs from the website being hacked to the programmers wanting to force people to a commercial solution (BitLocker) to make money to this being a kind of secret admission that the NSA may have compromised TrueCrypt and people should abandon it. The reason given on the website itself makes no sense at all and cannot possibly be serious, which makes me think most likely the site was hacked.

[deadrats]

the problem with the "site was hacked" theory is that evidently the code has been altered as well so that you can no longer use True Crypt to, only to decrypt already encrypted volumes.

this plus the NSA's claims a while back that they had the ability to decrypt ANY encrypted volumes out there makes one wonder if True Crypt has been compromised.

but to recommend Bit Locker?

[jman98]

Slashdot now has a post from a guy who has worked with the project in the past. He says that the project has had very little new functionality for a long time and there's some things that suggest that major developers have long ago left it. His guess is that one of the few remaining developers has discovered a bug that they don't have the expertise to fix and they have decided to shut down the project as a result. He said that Microsoft won't release the APIs necessary to make TrueCrypt able to handle hibernate/sleep in Win 8 and above and that's probably playing a part in this too. Perhaps an honest admission of "We don't have the resources necessary to do this anymore" would have been better than the "Windows does what we do better than us now anyway" approach that was taken. Those in the know are remaining silent so this is all just speculation.